A large portion of global commerce is done electronically over the Internet. To accommodate such electronic commerce (e-commerce), hosting infrastructures may host millions of websites. When a client (e.g., an end-user) accesses a website, such as with a web browser on a client computing device, the hosting infrastructure serves a certificate for the website to the client as part of a handshake of a security protocol. For instance, the security protocol may be a Secure Sockets Layer (SSL) protocol, and the certificate may be an SSL certificate. SSL certificates provide secure, encrypted communications between a website and a client, and are typically used by websites that require clients to submit sensitive information, such as a credit card number, password, social security number, and the like.
Most hosting infrastructures are multi-tenant, hosting multiple websites on a same Internet Protocol (IP) address. Accordingly, instead of attaching an SSL certificate to an IP address as can be done for an SSL protocol, a hosting infrastructure may attach an SSL certificate to a hostname indicated by a client's web browser based on a Server Name Indication (SNI) protocol. The SNI protocol allows a client to include a requested hostname for a website in a first message of an SSL handshake. Consequently, a hosting infrastructure may serve multiple SSL certificates each attached to different hostnames for websites hosted on a same IP address, without requiring the websites to share a common certificate.
An owner of a website (e.g., a business owner) can request that a certificate be generated by a certificate authority (e.g., a public or private third party to the owner and hosting infrastructure) at any time. When a certificate is generated by a certificate authority for a website, the hosting infrastructure that hosts the website must ensure its hosting platform (e.g., load balancers and servers) is configured for the newly-generated certificate. Many hosting infrastructures host multiple websites by using virtual hosts. For instance, one virtual host is implemented for each hostname. For these hosting infrastructures to accommodate a newly-generated certificate, their hosting platform must be reconfigured for the newly-generated certificate, which requires significant effort. For instance, (i) a new virtual host must be installed, (ii) the newly-generated certificate must be mapped to the new virtual host, and (iii) a new configuration with the new mapping must be reloaded for all existing load balancers and made available to new load balancers if they are added for auto-scaling. Consequently, hosting infrastructures implementing a respective virtual host for each hostname, or any hosting infrastructures requiring a complicated certificate installation process in which a newly-generated certificate requires reconfiguration of load balancers or servers, are not well suited to scaling in terms of numbers of hosted websites.